Hackers release data of millions of Ashley Madison cheating site users
A massive dump of data just short of 10 gigabytes was released on the dark web on Tuesday by the Impact Team group claiming to be behind the scandalous Ashley Madison hack. The data appear to include sensitive customer information, such as payment transaction and credit card details, emails, names, addresses, phone numbers and member profiles.
Although the leaked data did not include full credit card details and billing information, the hack is still a major embarrassment to Avid Life Media Inc., which owns the site, and some 38 million of its users whose private data was exposed.
While the passwords released are hashed, according to Wired, hackers may still eventually crack the easier ones, gaining access to user’s private correspondence if the account is still online.
“Time’s up!” the Impact Team wrote in the introduction to the leak, apparently referencing to Avid Life Media’s decision to keep the website online reassuring their users of increased security measures instead.
“It was ALM that failed you and lied to you,” the group added. “Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.”
There are more than 1M unique email addresses attached to payment records in the Ashley Madison dump.— Troy Hunt (@troyhunt) August 19, 2015
Although it is unknown how much of the personal data is legit, given that people seeking an affair would likely fill out a profile with fake details, the hack is still expected to result in massive public outcry and embarrassment.
Online security analysts and social media users scanning through the leaked database have, for example, already noticed an email address which appears to belong to former UK PM Tony Blair, but since the affair website does not require email address verification some noted that anyone could have used it to set up a fake account.
Meanwhile ALM has acknowledged they know about the release of “more of the stolen data,” the company said in an email to Ars Technica.
“We are actively monitoring and investigating this situation to determine the validity of any information posted online… furthermore, we will continue to put forth substantial efforts into removing any information unlawfully released to the public, as well as continuing to operate our business.”
The Royal Canadian Mounted Police and Ontario Provincial Police along with the FBI are investigating the hack, the company said, admitting the bureau’s involvement for the first time.
“This event is not an act of hacktivism, it is an act of criminality,” the company added, emphasizing that they are cooperating with authorities to hold the perpetrators accountable to the “strictest” measures of the law. “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”